[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP replication 'credentials'

To: Emmanuel Dreyfus <manu@netbsd.org>
Subject: Re: OpenLDAP replication 'credentials'
From: Michael Ströder <michael@stroeder.com>
Date: Thu, 08 May 2008 11:33:08 +0200
Cc: openldap-software@openldap.org
In-reply-to: <1igla89.5g49cy16hjol5M%manu@netbsd.org>
References: <1igla89.5g49cy16hjol5M%manu@netbsd.org>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080313 SeaMonkey/1.1.9

Emmanuel Dreyfus wrote:

Michael Ströder <michael@stroeder.com> wrote:

Anyway either the private key has to be stored somewhere 1. in clear or
2. password-protected. 2. would require manual admin interaction during
startup. (I don't know whether that's supported at all.)

Sure, but it's not a shared secret.

Yes, but you won't gain much security compared to sending the password in clear over the wire (protected by encrypted tunnel) and let the server compare it to a hashed password. In both configurations you have to store the credentials in the client's configuration as clear-text.

Ciao, Michael.

References:
- Re: OpenLDAP replication 'credentials'
  - From: manu@netbsd.org (Emmanuel Dreyfus)

Prev by Date: Re: Migrating from 2.3 to 2.4 branch.
Next by Date: Re: Migrating from 2.3 to 2.4 branch
Index(es):
- Chronological
- Thread